ElastiFlow v4.0.0-beta1 Release Notes

Release Date: 2019-12-28
  • 🚀 v4.0.0 is a major release. A data migration will be required if you want to have your older data available in 4.0.0. This BETA release does not yet include a migration method and is intended for testing with new flow data only.

    💥 Breaking Changes

    🚀 ElastiFlow v4.0.0 is built for Elasticsearch and Kibana 7.5.0 and later. No earlier versions will be supported. Please use a prior ElastiFlow release if you cannot yet upgrade to Elastic Stack 7.5.x.

    🚀 ElastiFlow v4.0.0 takes advantage of X-Pack Basic features, such as the Maps, SIEM and Logs apps, as well as Index Lifecycle Management (ILM). This means that you must use at least the X-Pack Basic licensed release of the Elastic Stack. The pure Apache 2.0 licensed release of the Elastic Stack will not work without disabling many features.

    🆕 New Features

    • Data model has changed to leverage ECS 1.4.
    • 🌲 Flow data can now be analyzed using the Kibana SIEM and Logs apps.
    • 0️⃣ Optional resolution of MAC OUIs to vendor names (disabled by default).
    • Kibana dark theme is now supported.
    • Geo IP dashboards now leverage the new Kibana Maps app.
    • Applications can now be defined manually by IP address and port number.
    • Palo Alto virtual interface indexes are translated to interface names.
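    The optional MAC OUI resolution listed above maps the first 24 bits of a MAC address to the registered vendor. The following is an added illustration of that enrichment step in plain Python; it is not ElastiFlow's own pipeline code. The OUI table is constructed for the example (a real deployment would load the IEEE registry), and the `source.mac.vendor` / `destination.mac.vendor` field names are assumptions, not ECS or ElastiFlow field names.

```python
import re

# Constructed sample OUI table, keyed by the 24-bit OUI as six uppercase hex digits.
# Real deployments load the IEEE OUI registry instead of this placeholder data.
OUI_TABLE = {
    "001B21": "Example Vendor A (constructed)",
    "3C5AB4": "Example Vendor B (constructed)",
}

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac):
    """Return a MAC as 12 uppercase hex digits.

    Accepts colon-separated, hyphen-separated, Cisco dotted (0011.2233.4455)
    and bare forms, which is what mixed flow exporters actually emit.
    Raises ValueError on anything that is not exactly 48 bits of hex.
    """
    digits = re.sub(r"[:\-.\s]", "", mac).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set.

    Such addresses are assigned by software (hypervisors, randomized Wi-Fi
    MACs) rather than by a vendor, so an OUI lookup on them is meaningless.
    """
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def resolve_vendor(mac, table=OUI_TABLE):
    """Map a MAC to a vendor name, or None when unknown or locally administered."""
    digits = normalize_mac(mac)
    if is_locally_administered(digits):
        return None
    return table.get(digits[:6])


def enrich_flow(flow, table=OUI_TABLE):
    """Add hypothetical <side>.mac.vendor fields to a flow record when the OUI resolves.

    Input keys follow the ECS style source.mac / destination.mac that the
    v4.0.0 data model uses; the vendor field names are assumed for this example.
    """
    out = dict(flow)
    for side in ("source", "destination"):
        mac = flow.get(f"{side}.mac")
        if mac is None:
            continue
        vendor = resolve_vendor(mac, table)
        if vendor is not None:
            out[f"{side}.mac.vendor"] = vendor
    return out


if __name__ == "__main__":
    # Constructed flow record: one vendor-assigned MAC and one broadcast MAC.
    sample = {"source.mac": "00:1b:21:aa:bb:cc", "destination.mac": "ff:ff:ff:ff:ff:ff"}
    print(enrich_flow(sample))
```

    Skipping locally administered and broadcast addresses matters in practice: without that check, an OUI table lookup on randomized or virtual MACs either misses silently or, worse, returns a coincidental vendor match that ends up in dashboards as if it were real.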

    โšก๏ธ Updates

    • ๐ŸŽ Pipeline refactored to simplify various logic, which might improve performance and throughput for some users.
    • ๐Ÿšš YAML dictionaries intended for customization by users have been moved to the logstash/elastiflow/user_settings path.